Wondering from a legal and/or best practices standpoint: Let's say a person ("John Smith") subscribes (opts in) to one of our newsletters with the email address john.smith@somecompany.com. We also have the email address johnsmith@gmail.com on file for him (not due to subscribing, per se, but perhaps an old customer record). If john.smith@somecompany.com bounces later on, are we allowed (legally and/or ethically) to update his invalid email address in Marketo with johnsmith@gmail.com, the other one we have on file? Or would John Smith have to actively request/opt-in with johnsmith@gmail.com?

To further complicate the scenario, what if John Smith unsubscribed via a link on an email sent to john.smith@somecompany.com? In a country like the US where opt-in is not required, could we update his email address in Marketo to johnsmith@gmail.com since he has not yet unsubscribed for that email address? Or is that not ok since we know it's the same person? Are opt-ins and opt-outs tied to an individual person or to an individual email address? Does it depend on whether you're looking at this from a legal standpoint or an ethical/best practices standpoint?

I know in Marketo the unsubscribe is tied to the individual email address, and there is only one email address per lead. But we have many duplicates in terms of same person with more than one lead record, often with a different email address.

This is a good question, and I'd love to hear other's thoughts as well.

From a tactical standpoint, you can build a trigger that once a unsubscribe occurs, it will update all secondary email address fields on the record to also reflect unsubscribe. If that is the behavior that you want, and if marketo can see all the fields.

For duplicate persons but different email addresses - tools like DemandTools (my fave) and Ringlead can dedupe based on other fields besides email address, such as name and/or company, location etc.

The international piece does throw a wrench in things I think, so that definitely needs to be explored further.

That is an interesting idea. We don't currently have secondary email address custom fields in Marketo though the idea has been brought up several times. We do keep multiple email addresses for individuals in various databases/sources, but only 1 is currently being fed to Marketo. Have you leveraged secondary email address fields in Marketo? And for what purpose?

To be frank, my question is pretty much the opposite scenario though. Some of our colleagues believe that the unsubscribe applies only per email address, and they'd simply resubscribe the same individual under a different email address we have on file for them. This makes me very nervous from a spam law perspective, not to mention simply being annoying to our contacts.

Have you leveraged secondary email address fields in Marketo? And for what purpose?

In our experience it can be useful as a fallback in the event the main addy becomes invalid (not unsubscribed, but bad).. If you have the data, there's no reason to not record it, right? Of course some people have the irrational expectation that all communications will go to both addresses, which ain't going to happen.

This makes me very nervous from a spam law perspective, not to mention simply being annoying to our contacts.

It should make you nervous! Consult your legal counsel, but CASL refers to "persons" and not, for counterexample, "electronic mailboxes" which might be a little more fluid. While "person" is not specifically defined, from the context of the rest of the law it appears to refer to one human being and not to individual digital presences.

Our legal team agreed that the law appears to apply to an individual person's decision to receive/opt-out of certain communications rather than by email address. They said that however, if the emails were going to two separate addresses concurrently, and the individual opted out of only one, then an argument could be made they are not opting out of the communication altogether.

Have you found a good process for identifying the scenario where josh@ and josh.hill@ are indeed the same person but their unsub status is in-congruent? We also have cases where the aliases can also be wildly different. Curious if there's a best practice for handling this.

I would advise that people talk to your legal counsel or privacy expert in your territory (and the territory within which you send emails) because it's VERY different in different regions. I'm saying this because I know that a lot of the stuff mentioned above is very different to what we have under Australian law.

Not only do you need to check with legal here, you need to check with legal in your own country. The rules could be different.

Marketo's own training material used to say if you had two people say, veronica@gmail.com and veronica@workemail.com, you should keep them separately and treat them separately because people may legitimately wish to opt out of a work email and subscribe to a personal one, or vice versa. It seems sensible to me in this situation to treat the email address as the opt-in/out entity so I can track the preferences of the person more accurately.